Encryption is good.

Page 2 of 2 Previous  1, 2

View previous topic View next topic Go down

Re: Encryption is good.

Post by Wonko the Sane on Wed Feb 06, 2013 5:08 pm

Any reason you chose AES over Twofish or just because?

_________________
avatar
Wonko the Sane
Certifiably Sane
Certifiably Sane

Number of posts : 4090
Location : The outside of the asylum

View user profile http://schoolofcake.forumotion.com/

Back to top Go down

Re: Encryption is good.

Post by Trey on Wed Feb 06, 2013 6:27 pm

No particular reason.

Trey
Pie Academy Member

Number of posts : 108

View user profile

Back to top Go down

Re: Encryption is good.

Post by Trey on Fri Feb 15, 2013 4:45 am

Anyone ever used the full filesystem encryption thing that TrueCrypt offers? How well/smoothly does it work? I'm planning on reformatting/reinstalling my computer soon, and I suppose it'd be a good thing to get done if there isn't a significant performance impact or anything.

On the same note, anyone ever tried one of those new-ish SSD drives with hardware supported encryption?

Trey
Pie Academy Member

Number of posts : 108

View user profile

Back to top Go down

Re: Encryption is good.

Post by Wonko the Sane on Fri Feb 15, 2013 1:44 pm

I know a good, high-end SSD is insanely faster than a normal drive, and cheap-o SSD's aren't much better and can fail much easier. I haven't heard anything about the ones with hardware encryption though. Sounds shady to me, I'd have to look into it.


I do know a thing or two about TrueCrypt though. I've had both my drives encrypted using its whole disk/system encryption for years now. The best part about it is it actually speeds up disk reads and writes, believe it or not, and has no impact on performance otherwise.

Background:
A long time ago when I was first considering trying it out, I watched a security podcast on the TWiT network (http://twit.tv/, they do great stuff by the way) where they were discussing various encryption options and which offers the best solution. The security expert who was doing the tests compared TrueCrypt with something else I don't even remember anymore, and ran a barrage of tests for performance. Turns out, TrueCrypt takes over control of hard drive read/write operations from Windows, and TrueCrypt does it faster than Windows does it natively. Even with the encryption process!

That kinda just blew my mind, but then I remembered that Windows is Winblows and Microsoft kinda sucks at this game, so it all made sense at that point and I installed TrueCrypt and have never looked back.


So, basically, you've got nothing to lose. Just so you know, you don't have to format or anything if you want to set it up. It will encrypt your entire system on the fly, as is. Make sure you use a password that's at least 20 characters as they recommend in their documentation. Typing that in each time your computer boots is the only downside to all this, but you get used to it and it's totally worth it for the extra security. Also, it means you never have to wipe an old hard drive before you toss it again. It's all encrypted gibberish to anyone who gets their hands on it. Thumbs Up

So yeah, I can't recommend TrueCrypt enough for this sort of thing. It's fantastic.

_________________
avatar
Wonko the Sane
Certifiably Sane
Certifiably Sane

Number of posts : 4090
Location : The outside of the asylum

View user profile http://schoolofcake.forumotion.com/

Back to top Go down

Re: Encryption is good.

Post by Wonko the Sane on Fri Feb 15, 2013 1:51 pm

I did quickly read that using TrueCrypt on a standard SSD is not recommended. They say any device that uses wear-leveling to improve the lifetime of the flash memory is vulnerable to attack:
http://www.truecrypt.org/docs/?s=wear-leveling


So it sounds like that's the reason why hardware encrypted SSD's have come into existence, since they probably need to be specially designed to support encryption. Still no idea which brands/types would be the most secure or the best option for performance and security and such.

_________________
avatar
Wonko the Sane
Certifiably Sane
Certifiably Sane

Number of posts : 4090
Location : The outside of the asylum

View user profile http://schoolofcake.forumotion.com/

Back to top Go down

Re: Encryption is good.

Post by Trey on Fri Feb 15, 2013 5:26 pm

TrueCrypt does it faster than Windows does it natively. Even with the encryption process!

How embarassing for MS. I intend to reformat my drive for other reasons(pretty much just want a clean start. so much junk and stupid things i've done...coding/compiling anything for class is absolute pain on my windows box now)

Trey
Pie Academy Member

Number of posts : 108

View user profile

Back to top Go down

Re: Encryption is good.

Post by Trey on Sun Feb 17, 2013 8:30 pm

I was browsing today and found a nice utility.

http://www.arg0.net/encfs
http://members.ferrara.linux.it/freddy77/encfs.html

It is a pass-through filesystem as opposed to the block design used by TrueCrypt, meaning it encrypts files individually instead of encrypting an entire fs or container. This potentially works much better if you're trying to encrypt your dropbox or other cloud files. With a TrueCrypt container, any change inside a container can require you to re-sync the entire container, whereas with EncFS you would only need to sync the file(s) you change. It supports most modern encryption algorithms.


How does the TrueCrypt filesystem encryption play with Dropbox? I just got hold of an external HDD tonight to back up my data, so I'll be reformatting later tonight/tomorrow probably.

Trey
Pie Academy Member

Number of posts : 108

View user profile

Back to top Go down

Re: Encryption is good.

Post by Wonko the Sane on Mon Feb 18, 2013 1:22 am

The tl;dr version: Basically, use TrueCrypt. It's the best at everything.


If you're encrypting the entire drive, it plays just fine. After you put your password in at bootup, you will notice absolutely no difference between the new fully encrypted drive and one that isn't encrypted. TrueCrypt handles the encryption and decryption completely silently and automatically in the background.

There's no complicated syncing issues or anything of that sort. That problem is true if you only have a single encrypted file container using TrueCrypt, but doesn't affect anything when you have your entire drive encrypted. As far as dropbox is concerned, the files it sees are not encrypted because the decryption stuff is happening even before Windows sees your files. It's kind of hard to explain, but basically TrueCrypt operates at such a high level that programs, even Windows, don't even know your stuff is encrypted. But when you shut the computer down, it's totally secure.

The implication is that while your PC is running, nothing is secure because anyone can walk up to it, plug in a flash drive, and yoink your files. Conversely, the drive is jibberish when it's off which is why you can just toss it without wiping it when it's time for a replacement, but it also means if anything goes wrong with the drive and you need to, say, connect to it externally from another computer to run some repair programs or something, you'd use the TrueCrypt rescue disk to decrypt the entire drive first otherwise those repair programs see jibberish.


That encfs thing, just at a glance I can tell you it's not the same as TrueCrypt's system encryption. If you're familiar at all with making a container file in TrueCrypt, encfs seems to be designed to perform that same function, basically a small encrypted container within an existing partition (ie, dropbox), but it allows the outside world to peer into the encrypted container to distinguish individual files without the need for them to be decrypted. From a security standpoint that's not really a good thing. You may not be able to see the file data itself, but even just seeing the file's meta data as explained on that site you linked to gives away too much information about your stuff. It also seems to not be maintained as well as TrueCrypt is, but I could be wrong. I can't find any information on the encryption algorithms it uses other than it's some kind of AES and some kind of Blowfish. Blowfish is now old, replaced by Twofish, and since it offers Blowfish instead of Twofish I'm going to guess it's using a smaller key length AES like 128bit, since computers were way slower back then. I may be wrong, I just couldn't find any information about this on the site.

TrueCrypt, on the other hand, makes all the information about its encryption and hashes and so forth easily available. " TrueCrypt uses AES with 14 rounds and a 256-bit key" -- found that in 2 seconds on their site. In terms of encrypting a drive vs just a container, it allows you to encrypt your entire drive on a system level. As in, the entire drive gets encrypted, THEN partitions get made, THEN windows gets installed into that partition inside the encrypted drive, and THEN files go inside windows which is inside a partition which is protected by an entirely encrypted and totally secure drive. Make sense? TrueCrypt, in that sense, operates at the highest possible level. It's also very well developed and maintained, meaning it supports things like encrypting the Windows hibernation file, which a lot of encryption programs don't support because it's a fairly difficult thing to secure properly. Windows writes that file on the boot sector I think, and that's also where Truecrypt lives.

So yeah, use TrueCrypt to encrypt an entire drive, don't bother with anything else. For encrypting only a single container on your drive though, that other thing doesn't sound like such a bad option if you want to sacrifice a bit of security for easier dropbox syncing. But it sounds like you're asking about encrypting the entire drive, not just one folder.

_________________
avatar
Wonko the Sane
Certifiably Sane
Certifiably Sane

Number of posts : 4090
Location : The outside of the asylum

View user profile http://schoolofcake.forumotion.com/

Back to top Go down

Re: Encryption is good.

Post by Wonko the Sane on Sun Mar 17, 2013 11:59 pm

An interesting quick read:
http://www.cnn.com/2013/03/16/opinion/schneier-internet-surveillance/index.html

I don't trust CNN at all as a rule, but the guy who wrote the article is Bruce Schneier, a well-known security expert. He created the Blowfish and Twofish encryption algorithms.

His basic point is no matter what we do, someone out there can easily learn everything we don't want them to know about us by correlating the massive amount of Internet tracking data that exists on each one of us. Apparently it's quite trivial to do this. He says this is just how it is.

I'm sure there are some things you can do to mitigate this, such as running Ghostery's plugin in Chrome to block all the tracking code sites try to use without telling you, or you can use various forms of encryption to protect your privacy to some extent, but in the end I guess he's right. There's not much we can do about it and that's a real shame.

He references George Orwell, which was required reading when I was in school.

_________________
avatar
Wonko the Sane
Certifiably Sane
Certifiably Sane

Number of posts : 4090
Location : The outside of the asylum

View user profile http://schoolofcake.forumotion.com/

Back to top Go down

Re: Encryption is good.

Post by Theicecreaman on Mon Mar 18, 2013 12:44 pm


_________________
Click here.
avatar
Theicecreaman
Time Lord
Time Lord

Number of posts : 3987
Location : Look for the fireworks and semi-functional trampolines

View user profile http://schoolofcake.forumotion.com

Back to top Go down

Re: Encryption is good.

Post by Wonko the Sane on Mon Mar 18, 2013 10:46 pm

affraid ohno!

_________________
avatar
Wonko the Sane
Certifiably Sane
Certifiably Sane

Number of posts : 4090
Location : The outside of the asylum

View user profile http://schoolofcake.forumotion.com/

Back to top Go down

Re: Encryption is good.

Post by Wonko the Sane on Mon Mar 25, 2013 12:15 pm

Here's a screengrab Ghostery tweeted out. These are all the javascripts and other codes that this one news site uses to track your movements before and after going to their site, as well as yoinking all the information they can about you off your computer:




I've been using ghostery for a while now and I'm not sure I've seen a site using that many trackers. I've seen up to a dozen or so that it blocks but wow, that's a lot. The news headline is pretty funny too 'cause the Internet knows you better than you do.

_________________
avatar
Wonko the Sane
Certifiably Sane
Certifiably Sane

Number of posts : 4090
Location : The outside of the asylum

View user profile http://schoolofcake.forumotion.com/

Back to top Go down

Re: Encryption is good.

Post by Wonko the Sane on Mon Jun 17, 2013 10:40 pm

I'm gonna tuck this one in here because I can:

_________________
avatar
Wonko the Sane
Certifiably Sane
Certifiably Sane

Number of posts : 4090
Location : The outside of the asylum

View user profile http://schoolofcake.forumotion.com/

Back to top Go down

Re: Encryption is good.

Post by Theicecreaman on Tue Jun 18, 2013 11:03 pm

Oh. My. God.

That is literally every scientific research paper ever written.

_________________
Click here.
avatar
Theicecreaman
Time Lord
Time Lord

Number of posts : 3987
Location : Look for the fireworks and semi-functional trampolines

View user profile http://schoolofcake.forumotion.com

Back to top Go down

Re: Encryption is good.

Post by Trey on Wed Jun 19, 2013 11:30 pm

Oh. My. God.

That is literally every scientific research paper ever written.

At least half your job isn't reading academic papers Wink

Trey
Pie Academy Member

Number of posts : 108

View user profile

Back to top Go down

Re: Encryption is good.

Post by Theicecreaman on Wed Jun 19, 2013 11:39 pm

Yeah, the institutional review board guys have the worst job ever. Those reviewers just sit around reading papers all day. So boring.

steak steak steak steak steak

steak steak

steak steak steak

_________________
Click here.
avatar
Theicecreaman
Time Lord
Time Lord

Number of posts : 3987
Location : Look for the fireworks and semi-functional trampolines

View user profile http://schoolofcake.forumotion.com

Back to top Go down

Re: Encryption is good.

Post by Wonko the Sane on Thu Jun 20, 2013 12:30 am

I could really go for a good steak right now.  I wonder why... oh well.  Shrug

_________________
avatar
Wonko the Sane
Certifiably Sane
Certifiably Sane

Number of posts : 4090
Location : The outside of the asylum

View user profile http://schoolofcake.forumotion.com/

Back to top Go down

Re: Encryption is good.

Post by Sponsored content


Sponsored content


Back to top Go down

Page 2 of 2 Previous  1, 2

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum